Amendments to the Claims:

This listing of claims will replace all prior versions, and listings, of claims in the application: 

Listing of Claims: 

1. (Original) A method for allowing proxies in an Identity System, comprising the steps of:

receiving a request for a first entity to be a proxy for a second entity; 

associating said first entity with one or more credentials of said second entity 
without authenticating said first entity as said second entity; and 

allowing said first entity to use said Identity System as said second entity based 
on said one or more credentials of said second entity. 

2. (Original) A method according to claim 1, wherein said step of receiving 
a request includes the steps of: 

providing a notification to said first entity of an ability to be said proxy for said 
second entity; and 

receiving a request from said first entity to be said proxy for said second entity. 

3. (Original) A method according to claim 2, wherein: 
said notification includes an email. 

4. (Original) A method according to claim 2, wherein: 
said notification includes a display page for said Identity System. 

5. (Original) A method according to claim 1, wherein said step of receiving 
a request includes the step of: 

receiving an indication from said second entity that said first entity can be said 
proxy for a second entity. 

6. (Original) A method according to claim 1, wherein said step of receiving
a request includes the steps of: 

providing a list of potential proxy candidates; 

providing a search mechanism to add more candidates to said list of potential 
proxy candidates; and 

receiving a selection of one or more of said potential proxy candidates, including
a selection of said first entity.

7. (Currently Amended) A method according to claim 1, wherein:

said credentials [[includes]] include a distinguished name for said second entity.

8. (Currently Amended) A method according to claim 1, wherein:

said credentials [[includes]] include identity profile attributes for said second entity.

9. (Original) A method according to claim 1, wherein:

said step of associating includes storing an identification of said second entity in a 
data element used to identify said first entity. 

10. (Original) A method according to claim 1, wherein: 

said step of associating includes storing an identification of said second entity in a 
cookie for said first entity. 

11. (Original) A method according to claim 1, wherein:

said step of associating includes using an identification of said second entity to 
identify said first entity. 

12. (Currently Amended) A method according to claim 1, wherein said step 
of associating includes the steps of: 

accessing an Identity System cookie for said first entity, said Identity System 
cookie stores an identification of said first entity; 



OED-2005- 162-02 






Appl. No. 09/998,916 PATENT 

Amdt. dated: November 7, 2005 

Amendment under 37 CFR 1.116 Expedited Procedure 

Examining Group 2145 

storing said identification of said first entity from said step of accessing in a 
second cookie; and 

storing an identification of said second entity in said [[an]] Identity System cookie 
for said first entity. 

13. (Original) A method according to claim 12, further comprising the steps of:

receiving a request to terminate said first entity being a proxy for said second entity;

accessing said identification of said first entity in said second cookie; and

storing said identification of said first entity in said Identity System cookie for
said first entity.

14. (Original) A method according to claim 12, further comprising the steps of:

receiving a request from said first entity to access said Identity System; 

determining whether said Identity System cookie for said first entity exists; 

providing access to said Identity System for said first entity if said Identity 
System cookie for said first entity exists; and 

authenticating said first entity and creating said Identity System cookie if said 
Identity System cookie for said first entity does not exist prior to said step of determining, said 
step of creating includes adding said identification of said first entity to said Identity System 
cookie. 

15. (Original) A method according to claim 12, wherein said step of allowing 
includes the steps of: 

receiving a request from said first entity to access a service in said Identity System;

accessing said identification of said second entity in said Identity System cookie;

accessing attributes for said second entity based on said identification of said
second entity in said Identity System cookie; and 

providing access to said service in said Identity System based on said attributes 
for said second entity. 

16. (Original) A method according to claim 1, wherein: 

said steps of receiving, associating and allowing are performed without said first entity providing 
a password for said second entity. 

17. (Original) A method according to claim 1, wherein:

said step of associating verifies that said second entity is a delegated administrator 
having a right to be proxied. 

18. (Original) A method according to claim 1, further comprising the step of:

delegating a right to be proxied to said second entity, said step of associating
verifies that said second entity has said right to be proxied.

19. (Currently Amended) A method according to claim 1, wherein: 

said Identity System is [[par]] part of an integrated Identity System and Access System.

20. (Currently Amended) A method according to claim 1, wherein:

said Identity System is part of an integrated Identity System and Access System; and

said [[an]] integrated Identity System and Access System uses said credentials of 
said second entity to authorize said second entity to access resources. 

21. (Currently Amended) A method according to [[claim20 ,]] claim 20 wherein:

said step of allowing does not include using said credentials of said second entity
to authorize said first entity to access resources.

22. (Original) A method according to claim 1, wherein:

said Identity System is part of an integrated Identity System and Access System; and

said steps of associating and allowing provide for said first entity to be said proxy 
for said second entity in said Identity System but does not provide for said first entity to be said 
proxy for said second entity in said Access System. 

23. (Previously Presented) A method according to claim 1, wherein:

said Identity System is part of an integrated Identity System and Access System; 
said step of associating includes the steps of: 

accessing an Identity System cookie for said first entity, said Identity 
System cookie stores an identification of said first entity, and 

storing an identification of said second entity in said an Identity System 
cookie for said first entity; 

said Access System uses an Access System cookie for said first entity, said 
Identity System cookie is separate from said Access System cookie; and 

said Access System cookie for said first entity does not store an indication of said
second entity.
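
Added example, not part of the application as filed: a Python sketch of the cookie handling recited in claims 12, 13, 15 and 23, with the right-to-be-proxied check of claims 17 and 18. The HMAC sealing of cookie values, the cookie names, the signing key and the directory entries are assumptions made for illustration; the claims do not specify them.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # assumption: a server-side signing key
# Constructed directory data; the DNs and attributes are illustrative only.
PROFILES = {
    "cn=alice,o=example": {"role": "helpdesk"},
    "cn=bob,o=example": {"role": "delegated-admin"},
}
# Second entity -> first entities it has allowed to be its proxy (claims 5, 17, 18).
PROXY_GRANTS = {"cn=bob,o=example": {"cn=alice,o=example"}}


def _mac(name, value):
    # The cookie name is bound into the MAC so a value sealed for one cookie
    # cannot be replayed under another cookie's name.
    return hmac.new(KEY, f"{name}={value}".encode(), hashlib.sha256).hexdigest()


def seal(name, value):
    """Return value|mac so the server can detect a client-edited cookie."""
    return f"{value}|{_mac(name, value)}"


def unseal(name, cookie):
    value, _, mac = cookie.rpartition("|")
    if not hmac.compare_digest(mac.encode(), _mac(name, value).encode()):
        raise ValueError(f"{name} cookie failed integrity check")
    return value


def start_proxy(cookies, second):
    """Claim 12: save the first entity's id, then store the second entity's id."""
    first = unseal("identity", cookies["identity"])
    if "original" in cookies:
        raise PermissionError("already acting as a proxy")
    if first not in PROXY_GRANTS.get(second, set()):
        raise PermissionError(f"{first} may not proxy for {second}")
    out = dict(cookies)
    out["original"] = seal("original", first)   # the "second cookie"
    out["identity"] = seal("identity", second)  # Identity System cookie
    return out  # the "access" cookie is carried over unchanged (claim 23)


def end_proxy(cookies):
    """Claim 13: restore the first entity's id from the second cookie."""
    out = dict(cookies)
    first = unseal("original", out.pop("original"))
    out["identity"] = seal("identity", first)
    return out


def attributes_for(cookies):
    """Claim 15: the service is given the attributes of whichever entity
    the Identity System cookie names."""
    return PROFILES[unseal("identity", cookies["identity"])]
```

Because the identity cookie alone decides whose attributes a service sees, the sketch refuses any cookie whose MAC does not verify and keeps the first entity's identification recoverable from the second cookie while the proxy session is active.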

24. (Original) One or more processor readable storage devices having 
processor readable code embodied on said processor readable storage devices, said processor 
readable code for programming one or more processors to perform a method comprising the 
steps of: 

receiving a request for a first entity to be a proxy for a second entity; 

associating said first entity with one or more credentials of said second entity 
without authenticating said first entity as said second entity; and 

allowing said first entity to use said Identity System as said second entity based 
on said one or more credentials of said second entity. 

25. (Currently Amended) One or more processor readable storage devices
according to claim 24, wherein:

said credentials [[includes]] include identity profile attributes for said second entity.

26. (Original) One or more processor readable storage devices according to 
claim 24, wherein: 

said step of associating includes storing an identification of said second entity in a 
data element used to identify said first entity. 

27. (Currently Amended) One or more processor readable storage devices 
according to claim 24, wherein: 

said step of associating includes the steps of: 

accessing an Identity [[System']] System cookie for said first entity, said
Identity System cookie stores an identification of said first entity,

storing said identification of said first entity from said step of accessing in
a second cookie, and

storing an identification of said second entity in said [[an]] Identity
System cookie for said first entity; and

said method further comprises the steps of:

receiving a request to terminate said first entity being a proxy for said
second entity,

accessing said identification of said first entity in said second cookie, and

storing said identification of said first entity in said Identity System cookie
for said first entity.

28. (Original) One or more processor readable storage devices according to 
claim 27, wherein said step of allowing includes the steps of: 

receiving a request from said first entity to access a service in said Identity System;

accessing said identification of said second entity in said Identity System cookie;

accessing attributes for said second entity based on said identification of said 
second entity in said Identity System cookie; and 

providing access to said service in said Identity System based on said attributes 
for said second entity. 

29. (Original) One or more processor readable storage devices according to 
claim 24, wherein: 

said steps of receiving, associating and allowing are performed without said first 
entity providing a password for said second entity. 

30. (Original) One or more processor readable storage devices according to 
claim 24, wherein: 

said Identity System is part of an integrated Identity System and Access System; and

said steps of associating and allowing provide for said first entity to be said proxy 
for said second entity in said Identity System but does not provide for said first entity to be said 
proxy for said second entity in said Access System. 

31. (Currently Amended) One or more processor readable storage devices
according to claim 24, wherein:

said Identity System is [[par]] part of an integrated Identity System and Access System;

said step of associating includes the steps of: 

accessing an Identity System cookie for said first entity, said Identity 
System cookie stores an identification of said first entity, and 

storing an identification of said second entity in said [[an]] Identity 
System cookie for said first entity; 

said Access System uses an Access System cookie for said first entity, said
Identity System cookie is separate from said Access System cookie; and 

said Access System cookie for said first entity does not store an indication of said
second entity.

32. (Original) An apparatus that allows for proxies in an Identity System, comprising:

one or more communication interfaces; 
one or more storage devices; and 

one or more processors in communication with said one or more storage devices 
and said one or more communication interfaces, said processor performs a method comprising 
the steps of: 

receiving a request for a first entity to be a proxy for a second entity,

associating said first entity with one or more credentials of said second
entity without authenticating said first entity as said second entity, and

allowing said first entity to use said Identity System as said second entity
based on said one or more credentials of said second entity.

33. (Currently Amended) An apparatus according to claim 32, wherein:

said credentials [[includes]] include identity profile attributes for said second entity.

34. (Original) An apparatus according to claim 32, wherein: 

said step of associating includes storing an identification of said second entity in a 
data element used to identify said first entity. 

35. (Currently Amended) An apparatus according to claim 32, wherein: 
said step of associating includes the steps of: 

accessing an Identity System cookie for said first entity, said Identity 
System cookie stores an identification of said first [[entity-]] entity; 

storing said identification of said first entity from said step of accessing in
a second cookie, and

storing an identification of said second entity in said [[an]] Identity
System cookie for said first entity; and

said method further comprises the steps of:

receiving a request to terminate said first entity being a proxy for said
second entity;

accessing said identification of said first entity in said second cookie, and

storing said identification of said first entity in said Identity System cookie
for said first entity.

36. (Original) An apparatus according to claim 35, wherein said step of 
allowing includes the step of: 

receiving a request from said first entity to access a service in said Identity System;

accessing said identification of said second entity in said Identity System cookie; 

accessing attributes for said second entity based on said identification of said 
second entity in said Identity System cookie; and 

providing access to said service in said Identity System based on said attributes 
for said second entity. 

37. (Original) An apparatus according to claim 32, wherein: 

said steps of receiving, associating and allowing are performed without said first 
entity providing a password for said second entity. 

38. (Currently Amended) An apparatus according to claim 32, wherein:

said Identity System is part of an integrated Identity System [[.and]] and Access
System; and

said steps of associating and allowing provide for said first [[entity.]] entity to be
said proxy for said second entity in said Identity System but does not provide for said first entity 
to be said proxy for said second entity in said Access System. 

39. (Currently Amended) An apparatus according to claim 32, wherein: 
said Identity System is part of an integrated Identity System and Access System; 
said step of associating includes the steps of: 

accessing an Identity System cookie for said first entity, said Identity 
System cookie stores an identification of said first entity, and 

storing an identification of said second entity in said [[an]] Identity 
System cookie for said first entity; 

said Access System uses an Access System cookie for said first entity, said 
Identity System cookie is separate from said Access System cookie; and 

said Access System cookie for said first entity does not store an indication of said
second entity.

40. (Original) A method for allowing proxies in a system, comprising the steps of:

receiving an indication that a first entity can be a proxy for a second entity, said 
indication is from said second entity; 

receiving an indication from said first entity to become said proxy for said second
entity;

associating said first entity with one or more credentials of said second entity 
without authenticating said first entity as said second entity; and 

allowing said first entity to use said system as said second entity based on said 
one or more credentials of said second entity. 

41. (Original) A method according to claim 40, wherein:




said step of associating includes storing an identification of said second entity in a 
data element used to identify said first entity. 

42. (Currently Amended) A method according to claim 40, wherein: 
said step of associating includes the steps of: 

accessing a first cookie for said first entity, said first cookie stores an 
identification of said first entity, 

storing said identification of said first entity in a second cookie, and

storing an identification of said second entity in said [[an]] first cookie for
said first entity; and

said method further comprises the steps of:

receiving a request to terminate said first entity being a proxy for said
second entity,

accessing said identification of said first entity in said second cookie, and

storing said identification of said first entity in said first cookie for said
first entity.

43. (Original) A method according to claim 42, wherein said step of allowing 
includes the steps of: 

receiving a request from said first entity to access a service; 
accessing said identification of said second entity in said first cookie; 
accessing attributes for said second entity based on said identification of said 
second entity in said first cookie; and 

providing access to said service based on said attributes for said second entity. 

44. (Original) A method according to claim 40, wherein: 

said steps of receiving, associating and allowing are performed without said first 
entity providing a password for said second entity. 

45. (Original) One or more processor readable storage devices having
processor readable code embodied on said processor readable storage devices, said processor 
readable code for programming one or more processors to perform a method comprising the 
steps of: 

receiving an indication that a first entity can be a proxy for a second entity, said 
indication is from said second entity; 

receiving an indication from said first entity to become said proxy for said second
entity;

associating said first entity with one or more credentials of said second entity
without authenticating said first entity as said second entity; and 

allowing said first entity to use said system as said second entity based on said 
one or more credentials of said second entity. 

46. (Original) One or more processor readable storage devices according to 
claim 45, wherein: 

said step of associating includes storing an identification of said second entity in a 
data element used to identify said first entity. 

47. (Currently Amended) One or more processor readable storage devices 
according to claim 45, wherein: 

said step of associating includes the steps of: 

accessing a first cookie for said first entity, said first cookie stores an 
identification of said first entity, 

storing said identification of said first entity in a second cookie, and

storing an identification of said second entity in said [[an]] first cookie for
said first entity; and

said method further comprises the steps of:

receiving a request to terminate said first entity being a proxy for said [['.]]
second entity,

accessing said identification of said first entity in said second cookie, and

storing said identification of said first entity in said first cookie for said
first entity.

48. (Currently Amended) One or more processor readable storage devices 
according to claim 47, wherein said step of allowing includes the steps of: 

receiving a request from said first entity to access a service; 
accessing said identification of said second entity in said first cookie; [[.]] 
accessing attributes for said second entity based on said identification of said 
second entity in said first cookie; and 

providing access to said service based on said attributes for said second entity. 

49. (Original) One or more processor readable storage devices according to 
claim 45, wherein: 

said steps of receiving, associating and allowing are performed without said first 
entity providing a password for said second entity. 






